Security @ WorkWave

We stand behind our security practices, policies and infrastructure for our solutions and services, ensuring we are always the best partner we can be to our customers. Security is a key component in all our offerings and is reflected in our people, processes and products.

Operational Security

Our security and risk management processes prevent sensitive information from getting into the wrong hands. Further, they ensure all operations are running securely, protecting the confidentiality of our customers’ information.

Security Operations

WorkWave actively monitors our systems for external and internal threats at the application, server and network levels through a dedicated security operations team.

We maintain and execute security incident response procedures in response to a wide variety of threats and work closely with our engineering and external security teams to identify and remediate vulnerabilities.

Incident Response

WorkWave has established policies and procedures to handle and respond to any potential security incidents that can affect WorkWave infrastructure and services, directly or indirectly.

Incident response procedures are tested and updated on an annual basis or when a major infrastructure change occurs.

Vulnerability Management

WorkWave performs security audits on our internal and external environments.

Audits are performed by our in-house security team and credentialled third-party security vendors. Audit results are reviewed by WorkWave’s security committee. Reported vulnerabilities are prioritized, tracked and resolved to eliminate the risk of known vulnerabilities.

Secure Development Lifecycle

WorkWave has introduced ‘Privacy By Design’ and ‘Secure-By-Design’ methodologies into our product development lifecycle.

User privacy and security are evaluated during each stage of the development process to ensure only necessary data is collected to perform an application’s task.

Technology Infrastructure Security

We take rigorous measures to secure the network of electronic systems and devices that are configured, operated and maintained by WorkWave to provide various internal and external functions and services.

Cloud and Network Security

We employ rigorous safeguards and security measures to provide a secure environment to you and your customers.

We employ a defense-in-depth strategy utilizing web application firewalls, multi-factor authentication, intrusion detection systems, audit and logging systems, restricted access controls and encrypted access tools.

Endpoint Security

All application endpoints employ network firewalls, web application firewalls, intrusion detection systems, DDoS mitigation, HTTPS TLS 1.2+ encryption and fully authenticated sessions to ensure the security of our applications.

Sensitive servers and systems are deployed to private networks, behind load balancers, network firewalls and proxy servers to reduce our security footprint.

Monitoring and Threat Detection

We employ advanced logging and monitoring of network, system, OS, application, database and cloud events. Logs are stored separately from production systems to ensure their integrity. We log more than a billion events each day to ensure the performance and security of our systems.

Identity and Access Control

WorkWave has established strict rules and processes around user access provisioning to minimize the risk of data exposure. WorkWave follows principles of least-privilege and role-based permissions when provisioning access.

User access audits are performed by the WorkWave Security team at regular intervals. Employees are required to use strong passwords with multi-factor authentication and SSO.

Physical Security

WorkWave controls access to its resources, including buildings, infrastructure and facilities. We provide employees, contractors, vendors and visitors with different access cards that allow only the access required for the purpose of their entrance onto the premises.

WorkWave’s office building security monitors all entry and exit movements throughout our premises in all our business centers through CCTV cameras deployed according to local regulations.

Physical security of data centers is managed by data center and cloud providers including AWS, Google and others.

Data Security

We protect your information against unauthorized access or use and operational failures that could result in exposure, deletion, or corruption of that data. Data security exercises ensure we practice caution while handling sensitive data that passes through our systems.

Availability and Disaster Recovery

All WorkWave systems are highly available, employing redundant systems and networking to ensure continuous service in the event of failures.

When a recovery event occurs, WorkWave has defined DR plans to ensure a coordinated and quick response.

Data Protection and Encryption

All databases are backed up and stored in 4 separate and encrypted physical locations to provide the highest resiliency against data corruption and ransomware threats.

Document storage is backed by Amazon’s S3 service to provide the highest levels of security, resiliency and availability.

Privacy and Compliance

Data privacy and compliance programs at WorkWave are focused on how personal information and data are collected, used, shared and processed, consistent with the expectations of the individual and applicable laws, regulations, professional practice requirements and contractual obligations.

Privacy

WorkWave makes every effort to preserve the privacy of its users and customers. Our detailed privacy statement can be found here.

Governance, Risk and Compliance

All production changes go through a rigorous and SOC-1 certified change management process.

We frequently conduct vulnerability scans and penetration tests to improve the security of our cloud environments.

We follow ISO 27001, GDPR, CCPA, PCI DSS and SOC-1 guidelines for risk management, change management, data privacy and security.

Compliance Certifications

WorkWave works with leading audit firms to certify our adherence to industry-standard compliance programs and regulations so you can have confidence that your company and customer data is secure and compliant.

Certifications: PCI DSS, SOC-1 Type 2, SOC-2 Type 2, Privacy Shield

Employee and Partner Security

WorkWave follows strict guidelines while onboarding new vendors, employees and contractors to ensure our customers are in safe hands. Further, we ensure our employees have the knowledge and skills to perform their roles effectively while protecting the security of our systems and your data. This helps WorkWave to prevent and mitigate user and partner risk.

Training & Certification

WorkWave has created a culture of security that covers all employees.

All employees are required to take security awareness training on a regular basis. Engineering and operations employees receive additional job/function-specific training and certification to be informed, adaptable and responsive to whatever risks may arise.

Background verification

Each WorkWave employee undergoes a process of background verification. We hire reputable external agencies to perform this check on our behalf. We do this to verify criminal records, previous employment records, if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to customers.

Vendor Security

WorkWave utilizes third-party technology vendors to provide additional functionalities and software integrations. We take appropriate steps to ensure our security requirements are maintained by vendors at all times.

WorkWave evaluates vendor security at least annually.

Report a Security Issue

WorkWave has a Responsible Disclosure Program to work with the community to identify security issues in our products. If you discover a vulnerability in our systems, products or network infrastructure, WorkWave appreciates your help in disclosing it to our company in a responsible manner by sending an email to security@workwave.com.

Read our whitepaper to learn more about security at WorkWave.